Review
JBERGER
CVE published 2026-07-17
CVE-2026-9537
CVE-2026-9537 is a vulnerability in Mojo::JWT versions before 1.02 for Perl. The decode() method compares the supplied signature to the recomputed HMAC with Perl's eq operator, which stops at the first differing byte, leading to a timing variation that leaks the expected signature. This vulnerability can be exploited to recover the expected signature and forge a token. Affected deployments should be ident [truncated]